The German newspaper Der Spiegel has unveiled a whole bunch of stuff about the NSA and its tools that defy belief. Their tools and actions go way beyond what we already knew; we're not just talking passive information gathering through cables and such, but way, way more.

For instance, the NSA can divert shipments of purchased computers and equipment to their own secret workshops, where malware and spying hardware are added to these products before they are shipped onward to the buyers. They also intercept Windows crash reports as they are sent from users' computers to Microsoft's servers. Worse yet, they can reportedly add special hardware to drones that can wirelessly infect computers from up to 8 kilometres away.

We've only seen the tip of the iceberg here. The fact that no heads are rolling in Washington over this illustrates just how corrupt and undemocratic the US government has become.

Refusal by certain Linux distros to ship binary blobs has usually been met with scorn about excessive paranoia in the past. As it turns out, the motivations behind that refusal have been more than vindicated by this leak.

It turns out that not only can you not trust binary blobs obtained/downloaded from vendors, but you cannot trust baked-in firmware either. Just to put this into perspective, pretty much every component today ships with some sort of firmware: BIOS/UEFI, hard drives, SSDs, wireless cards, graphics cards, etc. You name it.

There is open-source software that was trojaned, the NSA modified well-known open-source cryptographic algorithms, etc., and no one noticed. Considering the quality of said open-source and the reluctance of paranoid coders like you to review code, there is still a chance to get hammered while using your beloved Linux.

There is open-source software that was trojaned, the NSA modified well-known open-source cryptographic algorithms, etc., and no one noticed.

What software are you talking about? If you're talking about Dual_EC_DRBG, then you're completely on the wrong foot here. Dual_EC_DRBG was available, but it was not the default and had to be specifically chosen as the RNG in use. And it was already known to be faulty; just no one had removed it. Besides, the NSA didn't trojan it into any software; it was added because of standards.

Anyone who thinks Linux offers real security or immunity from exploitation is nothing more than a victim waiting to happen. These guys have it all rigged whether it's software, hardware, firmware, whatever. The only way people can truly protect themselves is by inventing a time machine and going back to live when steam power was the hottest ticket in town, or prior.